Few would debate the importance of recognising and addressing conduct risk. The recent increased attention it has received within the financial services industry has been largely driven by ever-strengthening conduct of business supervision. This paper by Milliman’s Emma Hutchinson and Jennifer van der Ree covers recent regulatory developments in the United Kingdom in relation to conduct risk. The authors also discuss best practice for robust conduct risk management frameworks.
For a number of years now, legislators from around the globe have poured huge energy and resources into assisting with the development, and in some cases complete reworking, of their prudential regulatory regimes. Local regulatory authorities have been similarly active in the implementation of these changes. Finally, the dust is starting to settle on this latest wave of change, with the likes of Solvency II for insurers now in place in Europe, and the Own Risk and Solvency Assessment (ORSA), in its various guises, firmly recognised globally as a key cornerstone of best practice when it comes to sound solvency management.
Now attention is slowly but surely starting to turn to conduct, the second key function of regulatory authorities, and legislators have become active again. Recent years have seen conduct risk push its way ever higher up the agenda. What do we mean by conduct risk though? The International Association of Insurance Supervisors (IAIS) has succinctly described it as ‘the risk to customers, insurers, the insurance sector or the insurance market that arises from insurers and/or intermediaries conducting their business in a way that does not ensure fair treatment of customers.’ The chair of the Financial Stability Board (FSB) has stated that ‘the scale of misconduct in some financial institutions has risen to a level that has the potential to create systemic risks.’ Such observations have served to further place conduct risk management in the spotlight, not just in the insurance industry but across the whole spectrum of financial services firms.
So what has been happening in this space? At a global level, the IAIS and the FSB have both been active. The IAIS has, through its Insurance Core Principles (ICPs), set out a number of key conduct requirements, namely suitability of persons (ICP5), corporate governance (ICP7), risk management and internal controls (ICP8) and conduct of business (ICP19). The FSB, charged with developing and promulgating global financial policies designed to minimise the likelihood of another financial crisis, has published a number of reports on measures to tackle misconduct in financial services. In May last year, it published a report setting out the next steps in its work to consider the role that governance frameworks have to play in reducing misconduct. It listed the following five themes as key elements of conduct risk management:
1. Clearly defined corporate strategy and risk appetite with relevant controls.
2. Appropriate expertise, stature, responsibility, independence, prudence, transparency and oversight on the part of board members and control functions.
3. Corporate culture.
4. Effective control environment.
5. Appropriate people management and incentives.
Risks relating to conduct of business are attracting increased attention across financial services firms, prompted by the ever-increasing focus of regulators in this area. Senior managers are accountable for conduct risk failings, and accordingly a strong conduct risk framework is an important tool in protecting against such failings. Based on our experience of assisting clients in this area, conduct risk management is still evolving and firms face many challenges. This paper by Milliman’s Karl Murray and Eamonn Phelan looks at recent and ongoing developments from around the globe and discusses actions firms need to take in order to address the changing business and legislative environment with regards to consumer protection.
Strengthening consumer protection has become a priority for insurance regulators in Europe. The Milliman Impact article “A level playing field: Conduct risk in Europe” examines the issues insurance companies and regulators must address to improve conduct risk under Solvency II.
Here’s an excerpt:
Globally, regulators are increasingly focused on consumer protection and mis-selling issues. “The UK and the US are ahead of the game when it comes to risk-based reporting and building regulation around the concept of consumer detriment, but many other markets, especially in Asia, are also looking to address these issues. They want to be seen as good places to do business and so are aligning their regulatory approaches with those of the more developed markets,” highlights Neil Cantle, principal at Milliman. …
…The need for senior management leadership will be key. The FSB identified the ‘tone from the top’ as a key indicator of the risk culture in major financial institutions in its initial report on conduct risk strategies in April 2014, and this has been embraced by the International Association of Insurance Supervisors and by EIOPA.
In particular, EIOPA has warned that the failure of many institutions and regulators to make the connection between conduct and prudential regulation has been a source of weakness in the past. It makes it clear in its Strategy towards a comprehensive risk-based and preventive framework for conduct of business supervision (published in January 2016) that “the interlinkages between conduct risk and the financial soundness of insurance undertakings and the stability of the financial system as a whole” will be a key focus as this agenda develops.
“In essence, it is about much more than the sales processes of individual insurance companies and intermediaries or even the potential reputational damage to the insurance industry. It is about ensuring financial stability and preventing any cross-contamination from poor conduct, whether that be product design, inappropriate sales incentives, poorly trained staff or inadequate monitoring,” outlines [Oliver Gillespie, principal at Milliman].